Stats

February 11, 2013

Social Media Compliance Guidance Finally (Almost) Arrives

A couple of years ago, I opined that the time was coming when the federal bank regulators would get around to "suggesting" that every bank have a policy in place that governed the use of social media by its employees.

At some point (which may have already arrived), banks aren’t going to have the option of doing nothing. Social media use by employees is
proceeding at a rapid pace, and social media governance policies are a
wise idea, whether or not the bank is going to jump into the use of
social media itself. Not having any policy to govern the use of social
media by employees in ways that could adversely affect the bank, or,
having a policy in place but not adopting effective tools to monitor and
enforce it, might be considered to be unsafe. As a recent client alert from Norris McLaughlin & Norris P.A.
points out, the SEC and FINRA are already focused on social media sites
and the risks they pose to the businesses they regulate. While the
federal banking agencies are currently otherwise occupied, banks should
take the trend seriously and be seriously thinking about social media
governance.

The federal banking regulators have finally gotten around to specifically addressing social media risks, and the time for seriously thinking about social media governance has arrived for even the most dilatory of banks. On January 22, 2013, the FFIEC issued proposed consumer compliance risk guidance with respect to social media. Included in the proposed guidance is the following admonition:

Financial institutions should be aware that employees’ communications via social media — even through employees’ own personal social media accounts — may be viewed by the public as reflecting the financial institution’s official policies or may otherwise reflect poorly on the financial institution, depending on the form and content of the communications. Employee communications can also subject the financial institution to compliance risk as well as reputation risk. Therefore, financial institutions should establish appropriate policies to address employee participation in social media that implicates the financial institution.

Yes, it's "proposed guidance." The FFIEC is asking for comments, and if you have any, get them in within the 60-day window. Nevertheless, I do not expect that the FFIEC will abandon its position that financial institutions should adopt "appropriate policies" regarding employee use of social media that could impact the institution.

Chris Dye of Harland Financial Solutions and I are doing a webinar next month for BankersHub on the topic of "de-risking" the legal risk of social media use by financial institutions and their employees. Although special attention will be given to the proposed FFIEC guidance, we'll be ranging beyond that subject.